The number stored in “encrypted” is the version you need to verify the signature. The best way to get a feeling how this works is to step through the code, beginning here https://github.com/nextcloud/server/blob/master/apps/encryption/lib/Crypto/Encryption.php#L364